XPD

Reputation: 1215

Owin authentication does not emit cookie

I have the following action in my Login controller. For testing purposes I'm not using a login form in the Index action. Instead I create the claims identity and sign in. This action is GET, not POST. It creates a claims identity and uses that for AuthenticationManager.SignIn. But when I checked the browser cookies, I could not find the authentication cookie. I am trying to figure out what has gone wrong.

    [AllowAnonymous]
    public ActionResult Index()
    {
        var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "30"));
        identity.AddClaim(new Claim(ClaimTypes.Name, "JFid"));
        identity.AddClaim(new Claim(ClaimTypes.Email, "test"));

        AuthenticationManager.SignIn(new AuthenticationProperties()
        {
            IsPersistent = true,
            ExpiresUtc = DateTime.UtcNow.AddDays(7)

        }, identity);

        return View();
    }

And also I have enabled cookie authentication in OWIN.

    [assembly: OwinStartup(typeof(D.Support.WebStartup))]
    namespace D.Support
    {
        public class WebStartup
        {
            public void Configuration(IAppBuilder app)
            {
                app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions()
                {
                    LoginPath = new PathString("/MyLoginPath"),
                    CookieName = "MyCookieName",
                    CookieHttpOnly = true,
                });
            }
        }
    }

Upvotes: 4

Views: 3621

Answers (2)

ian gao

Reputation: 21

Just to put my finding here in case anyone is curious about why we need to do as the accepted answer indicated.

If you don't specify an AuthenticationType in your CookieAuthenticationOptions, the default value it ends up using is CookieAuthenticationDefaults.AuthenticationType, which has the value of "Cookies".

And the DefaultAuthenticationTypes.ApplicationCookie from the Microsoft.AspNet.Identity package has a string value of "ApplicationCookie".

And in the ApplyResponseGrantAsync() method of CookieAuthenticationHandler, which is invoked to append the authentication cookie to the response header, the following code is called. If the authentication type does not match the ClaimsIdentity's, it returns null.

    /// <summary>
    /// Find response sign-in details for a specific authentication middleware
    /// </summary>
    /// <param name="authenticationType">The authentication type to look for</param>
    /// <returns>The information instructing the middleware how it should behave</returns>
    public AuthenticationResponseGrant LookupSignIn(string authenticationType)
    {
        if (authenticationType == null)
        {
            throw new ArgumentNullException("authenticationType");
        }

        AuthenticationResponseGrant grant = _context.Authentication.AuthenticationResponseGrant;
        if (grant == null)
        {
            return null;
        }

        foreach (var claimsIdentity in grant.Principal.Identities)
        {
            if (string.Equals(authenticationType, claimsIdentity.AuthenticationType, StringComparison.Ordinal))
            {
                return new AuthenticationResponseGrant(claimsIdentity, grant.Properties ?? new AuthenticationProperties());
            }
        }

        return null;
    }

Upvotes: 1
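
The match described in the answer above, modelled as a console program using only System.Security.Claims. This is an added example, not part of the original answers and not the Katana source; `SignInGrantModel`, `WouldEmitCookie` and `NewIdentity` are hypothetical names, and the "Other" identity is a constructed sample.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Simplified model of the ordinal lookup shown above (hypothetical helper names).
static class SignInGrantModel
{
    // String values quoted in the answer above.
    const string MiddlewareDefault = "Cookies";          // CookieAuthenticationDefaults.AuthenticationType
    const string IdentityDefault = "ApplicationCookie";  // DefaultAuthenticationTypes.ApplicationCookie

    // True when some identity in the sign-in grant carries exactly the
    // authentication type the cookie middleware was configured with.
    static bool WouldEmitCookie(string middlewareType, ClaimsPrincipal granted)
    {
        if (middlewareType == null) throw new ArgumentNullException(nameof(middlewareType));
        if (granted == null) return false; // SignIn was never called on this request
        return granted.Identities.Any(i =>
            string.Equals(middlewareType, i.AuthenticationType, StringComparison.Ordinal));
    }

    static ClaimsIdentity NewIdentity(string authenticationType)
    {
        var identity = new ClaimsIdentity(authenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "30")); // claim value from the question
        return identity;
    }

    static void Main()
    {
        var principal = new ClaimsPrincipal(NewIdentity(IdentityDefault));

        // Question's setup: options leave AuthenticationType unset, identity is "ApplicationCookie".
        Console.WriteLine("question config:  " + WouldEmitCookie(MiddlewareDefault, principal));
        // Accepted answer's setup: middleware and identity share one value.
        Console.WriteLine("accepted answer:  " + WouldEmitCookie(IdentityDefault, principal));
        // The comparison is Ordinal, so a difference in case alone is also a mismatch.
        Console.WriteLine("case differs:     " + WouldEmitCookie("applicationcookie", principal));
        // No sign-in grant on the request.
        Console.WriteLine("no grant:         " + WouldEmitCookie(IdentityDefault, null));

        // Several identities: the one whose type equals the middleware's is selected.
        var mixed = new ClaimsPrincipal(new[] { NewIdentity("Other"), NewIdentity(MiddlewareDefault) });
        Console.WriteLine("mixed identities: " + WouldEmitCookie(MiddlewareDefault, mixed));
    }
}
```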

Kahbazi

Reputation: 14995

You should set the ClaimsIdentity AuthenticationType to be the same as the CookieOption AuthenticationType.

    app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions()
    {
        LoginPath = new PathString("/MyLoginPath"),
        CookieName = "MyCookieName",
        CookieHttpOnly = true,
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
    });

Upvotes: 8
